Lei Hou,Haixin Duan,Jianping Wu

DOI: https://doi.org/10.1109/icpads.2008.42

2008-01-01

Abstract:In Peer-to-Peer (P2P) networks if adversaries such as Sybil attackers have got most identities in the network, they will control routing table or traffic. In this paper, we propose a framework based on two complementary techniques to defense malicious node after they transmit data to other malicious peers instead of honest peers. The first approach, based on behaviors of destination nodes, is used to count the local nodes’ credit values in a period of Credit Construction Time. The second approach is updating the global nodes’ credit values between schedulers. We propose scheduler to maintain the trust relationship between global nodes. In order to assess the effectiveness of the above techniques, we extend Eclipse attack code in simulator p2pSim-0.3 and implement scheduler defense malicious attack behavior algorithm based on both credit and proximity. We adopt Chord protocol and Euclidean topology to implement scheduling algorithm, but the same methodology can be applied to other protocols and topologies as well.

Yi Shen,Chunming Wu,Dezhang Kong,Mingliang Yang

DOI: https://doi.org/10.1109/icc40277.2020.9149276

2020-01-01

Abstract:Distributed Denial of Service (DDoS) attack is one of the most severe threats to the current network security. As a new network architecture, Software-Defined Networking (SDN) draws notable attention from both industry and academia. The characteristics of SDN such as centralized management and flow-based traffic monitoring make it an ideal platform to defend against DDoS attacks. When designing a network intrusion detection system (NIDS) in SDN, how to obtain fine-grained flow information with minimal overhead to the SDN architecture is a problem to be solved. In this paper, we propose TPDD, a two-phase DDoS detection system to detect DDoS attacks in SDN. In the first phase, we utilize the characteristics of SDN to collect coarse-grained flow information from the core switches and locate the potential victim. Then we monitor the edge switches located close to the potential victim to obtain finer-grained traffic information in the second phase. The collection method of each phase fully considers the impact on the bandwidth between the controller and switches. Without modifying the existing flow rules, the collection module can obtain sufficient information about traffic. By using entropy-based and machine learning-based methods, the detection module can effectively detect anomalies and identify whether the potential victim marked in the first phase is the target of attacks. Experimental results show that TPDD can effectively detect DDoS attacks with little overhead.

JunPeng Mao,YanLi Cui,JianHua Huang,JianBiao Zhang

DOI: https://doi.org/10.1109/cmc.2009.286

2009-01-01

Abstract:Convenient, rapid, efficient and anonymous characteristic of P2P technology, enables P2P network gathering enormous users very quickly, and P2P traffic has occupied 60~80% bandwidth of Internet. Such giant traffic has formed a threat to the service quality of other Internet application and the security of Internet itself. However, most study about P2P traffic focuses on traffic monitoring and characteristic identifying technique. Rare study analyzes P2P traffic behavior from P2P mechanism itself. This paper construct P2P network queuing model, analyzes the influence of related factors to the load-scale of concrete resource. Main conclusion including, compared with other factors, average degree of node and TTL value is the most key factor to load-scale. Load-scale increases with node quantity, initial number of objected resource and resource’s total quantity, however, when those quantity reach to some critical threshold, the influence of those factors become quite weak to load-scale of resource.

Yunhao Liu,Xiaomei Liu,Chen Wang,Li Xiao

DOI: https://doi.org/10.1109/icpp.2007.31

2007-01-01

Abstract:A flooding-based search mechanism is often used in unstructured P2P systems. Although a flooding-based search mechanism is simple and easy to implement, it is vulnerable to overlay distributed denial-of-service (DDoS) attacks. Most previous security techniques protect networks from network-layer DDoS attacks, but cannot be applied to overlay DDoS attacks. Overlay flooding-based DDoS attacks can be more damaging in that a small number of messages are inherently propagated to consume a large amount of bandwidth and computation resources. We propose a distributed and scalable method, DD-POLICE, to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. We show the effectiveness of DD-POLICE by comprehensive simulation studies. We believe that deploying DD-POLICE will make P2P systems more scalable and robust.

ZhiXin Sun,BingQing Luo,YaDang Chen,Kai Bu

DOI: https://doi.org/10.1007/s11432-012-4618-3

2013-01-01

Science China Information Sciences

Abstract:Distributed search and routing algorithms based on the DHT (distributed hash table) protocol have attracted considerable attention in structured P2P (peer-to-peer) research as a result of favorable properties such as distribution, self-organization, and high scalability. Compared with a traditional C/S (client/server) network, the probability of peers initiating malicious behavior increases dramatically because of their self-governing and dynamic characteristics, which also make it harder to satisfy the peers’ security required by DHT. In this paper, we propose a new secure DHT protocol based on a multidimensional mapping mechanism. This mechanism maps peers to a multidimensional space by dividing the identifiers into groups. Moreover, a series of secure methods and routing algorithms are provided to achieve secure DHT in smaller spaces. Compared with state-of-the-art approaches, the theoretical analysis and experimental results show that the multidimensional mapping mechanism can effectively improve the average success rate of a resource search by inhibiting malicious behavior.

Li Xiao,Yunhao Liu

2004-01-01

Abstract:Current and future Internet and distributed systems rely on both centralized client-server model and decentralized peer-to-peer (P2P) model. P2P model is an emerging technology aiming to effectively utilize and manage increasingly large and globally distributed information and computing resources, complementing the available client-server services. In order to truly adopt the P2P model for deploying large-scale Internet applications, and timely merge this model as an indispensable component in the main stream of distributed computing technology, we must address several major technical challenges including the efficiency of overlay networks, cost-effective P2P information search, and privacy and security protection of peers. This dissertation focuses on addressing two critical issues. The first issue is topology mismatch problem between P2P overlay networks and the underlying physical networks in unstructured P2P systems. Addressing topology mismatch problem can fundamentally improve overall search performance of P2P systems. We demonstrate the seriousness of the topology mismatch problem, and define an optimal overlay problem that is proved to be a NP-hard problem. We then develop several effective schemes and algorithms to alleviate the topology mismatch problem. Our proposed algorithms are completely distributed, scalable and effective. Simulation studies show that the total traffic and response time of the queries can be significantly reduced by these schemes without shrinking the search scope. The second issue is overlay distributed denial-of-service (DDoS) attack in P2P systems. Most previous security techniques protect networks from network-layer DDoS attacks, but cannot be applied to overlay DDoS attacks. We propose a distributed and scalable method, DD-POLICE, to detect malicious nodes in order to defend P2P systems from overlay flooding-based DDoS attacks. We show the effectiveness of DD-POLICE by simulation studies and implementation on Gnutella 0.6 protocols. We believe that widely employing these proposed approaches will make P2P systems more scalable and robust.

PU Rong-fu,MA Xin-xin,QIN Zhi-guang

DOI: https://doi.org/10.3969/j.issn.1001-0548.2008.02.029

2008-01-01

Abstract:In unstructured Peer-to-Peer (P2P) systems such as Gnutella,the general routing search mechanism used is to blindly flood a query to the network among peers. However,the blindly flooding search mechanism makes the whole network subjected to distributed denial of service (DDoS) attacks. In order to alleviate or minimize the bad effect due to behavior of malicious nodes making use of the flooding search mechanism,we propose the Markov-based evaluation (ME) mechanism in which reputation is applied as incentive pattern called a trusted based incentive scheme. Trust based incentive is enabled by evaluating the transaction history of the peer and changing the peer’s significance or capacity within the P2P network based on this evaluation. Our simulation study shows that this approach can effectively isolate the malicious peer and its message transmitting and improve resilience against DDoS attack.

马新新,赵洋,秦志光

2007-01-01

Journal of Electronic Science and Technology

Abstract:In unstructured peer-to-peer（P2P） systems such as Gnutella,a general routing search algorithm is used to blindly flood a query through network among peers. But unfortunately,malicious nodes could easily make use of the search approach launching distributed denial of service（DDoS） attack which aims at the whole network. In order to alleviate or minimize the bad effect due to behavior of malicious nodes using the flooding search mechanism,the paper proposes a Markov-based evaluation model which exerts the trust and reputation mechanism to computing the level of trustworthy of nodes having the information requested by evaluation of the nodes’ history behavior. Moreover,it can differentiate malicious nodes as early as possible for isolating and controlling the ones’ message transmitted. The simulation results of the algorithm proposed show that it could effectively isolate malicious nodes,and hold back the transmission of vicious messages so that it could enhance tolerance of DDoS based on flooding in Gnutella-like P2P network.

Jiawei Li,Hui Wang,Jilong Wang

2023-01-01

Abstract:Distributed denial of service (DDoS) is one of the most common and damaging cyber attacks, and its impact grows rapidly with the massive use of Internet. Collaborative DDoS defense across countries enables faster and more efficient DDoS attack mitigation. Collaboration requires countries that are not target victims to help detect and block the malicious flow, but selfish countries may refuse to do so because lacking individual gain compared with individual cost. In this paper, we model a stochastic game where selfish countries interact repeatedly and form coalitions to defend DDoS attacks. We design a multi-agent system, Cedric, to simulate and solve this complex stochastic game. Each agent adopts Q-learning to find their long-term optimal strategies, and credits are used to encourage efficient collaboration. The Shapley Value based reward assignment of Cedric satisfies several desired properties about fairness and stability. Simulations with trace data of over 7 years' global DDoS attacks support the superiority of Cedric empirically.

耿技,马新新

DOI: https://doi.org/10.3969/j.issn.1001-0548.2009.06.020

2009-01-01

Abstract:A distributed self-adaptive defense mechanism based on peer identification and real-time flow filtering is proposed in this paper under the research of DDos attacks in P2P network which is established on Gnutella protocol.In this mechanism,peers in such network can actively block the connection with malicious nodes by building local trust and reputation mechanism and keep away DDos attacks through real-time detection of the characteristic of DDos attack.Simulation result shows that our proposed distributed defense mechanism against DDos attacks can effectively improve the network resistance by obstructing 75% of the malicious messages and blocking 80% of the retransmission of them.

Xi Ling,Jiongchi Yu,Ziming Zhao,Zhihao Zhou,Haitao Xu,Binbin Chen,Fan Zhang

DOI: https://doi.org/10.1007/978-3-031-54773-7_12

2024-01-01

Abstract:With the proliferation of Internet development, Distributed Denial of Service (DDoS) attacks are on the rise. As rule-based traffic analysis frameworks and Deep Packet Inspection (DPI) defense measures can effectively thwart many DDoS attacks, attackers keep exploring various attack surfaces and traffic amplification strategies to nullify the defense. In this paper, we propose DDoSMiner, an automated framework for DDoS attack characterization and vulnerability mining. DDoSMiner analyzes system call patterns of the TCP-based DDoS attack family, then generates Attack Call Flow Graph (ACFG) by discerning the differences between DDoS attack traffic and benign traffic. Furthermore, DDoSMiner identifies and extracts drop nodes and pivotal TCP states from the distinctive characteristics of attack traffic, then passes to the symbolic execution framework for exploring variants of the DDoS attack. We collectively analyze six types of TCP-based DDoS attacks, construct the corresponding ACFG, and identify a set of attack traffic variants. The attack traffic variants are evaluated on the widely used Network Intrusion Detection System (NIDS) Snort with three popular rule sets. The result shows that DDoSMiner indeed discovers the new DDoS attack trace, and the corresponding attack traffic can bypass all three defense toolkits.

ZHANG Shao-jun,LI Jian-hua,CHEN Xiu-zhen,HU Wei

DOI: https://doi.org/10.3321/j.issn:1006-2467.2008.02.009

2008-01-01

Abstract:As one of the most notorious network attacks,distributed denial-of-service(DDoS) attack is famous for its easiness to launch and difficulty to defend.DDoS attack was regarded as a multistage game of incomplete information with observable actions and its extensive form was given out.It is pointed out that to attain the game's perfect Bayes equilibrium,the problem of computing and modifying the belief value of each player's type must be solved.As a practice of this viewpoint,a method of filtering attack stream according to its package rate and source address distribution characteristic was proposed.Finally, simulation was given out to demonstrate the effectiveness of the method.

Tao Wei,Zhiyin Liang,Runpu Wu

DOI: https://doi.org/10.1007/978-3-642-25769-8-86

2012-01-01

Abstract:We propose a new mitigation mechanism against DDoS called Pseudonymous Credit Driven Mechanism (PsCredit). The primary driving force of this mechanism is a new cyberspace economic modeling - pseudonymous credit modeling, which provides a suitable ROI scheme and support for roaming and privacy. This mechanism can process packets at wire-speed, and it can defend effectively against all known DDoS attacks. © Springer-Verlag Berlin Heidelberg 2012.

Yinan Jing,Xueping Wang,Xiaochun Xiao,Gendu Zhang

DOI: https://doi.org/10.1007/11839569_45

2006-01-01

Abstract:Distributed denial-of-service attack is one of major threats to Internet today. Rate limit algorithm with max-min fairness is an effective countermeasure to defeat flooding-style DDoS attacks under the assumption that attackers are more aggressive than legitimate users. However, under a “meek” DDoS attack where such an assumption is no longer valid, it will fail to protect legitimate traffic effectively. In order to improve the survival ratio of legitimate packets, an IP traceback based rate limit algorithm is proposed. Simulation results show that it could not only mitigate the DDoS attack effect, but also improve the throughput of legitimate traffic even under a meek attack.

Bingshuang Liu,Skyler Berg,Jun Li,Tao Wei,Chao Zhang,Xinhui Han

DOI: https://doi.org/10.1109/ICCCN.2014.6911808

2014-01-01

Abstract:Distributed reflective denial of service (DRDoS) attacks, especially those based on UDP reflection and amplification, can generate hundreds of gigabits per second of attack traffic, and have become a significant threat to Internet security. In this paper we show that an attacker can further make the DRDoS attack more dangerous. In particular, we describe a new DRDoS attack called store-and-flood DRDoS, or SF-DRDoS. By leveraging peer-to-peer (P2P) file-sharing networks, SF-DRDoS becomes more surreptitious and powerful than traditional DRDoS. An attacker can store carefully prepared data on reflector nodes before the flooding phase to greatly increase the amplification factor of an attack. We implemented a prototype of SF-DRDoS on Kad, a popular Kademlia-based P2P file-sharing network. With real-world experiments, this attack achieved an amplification factor of 2400 on average, with the upper bound of attack bandwidth at 670 Gbps in Kad. Finally, we discuss possible defenses to mitigate the threat of SF-DRDoS.

Gang Lei,Lejun Ji,Ruiwen Ji,Yuanlong Cao,Xun Shao,Xin Huang

DOI: https://doi.org/10.1155/2021/2264187

2021-07-07

Wireless Communications and Mobile Computing

Abstract:The multipath TCP (MPTCP) enables multihomed mobile devices to realize multipath parallel transmission, which greatly improves the transmission performance of the mobile communication network. With the rapid development of all kinds of emerging technologies, network attacks have shown a trend of development with many types and rapid updates. Among them, low-rate distributed denial of service (LDDoS) attacks are considered to be one of the most threatening issues in the field of network security. In view of the current research status, by using the network simulation software NS2, this paper first compares and analyzes the throughput and delay performance of the MPTCP transmission system under LDDoS attacks and, further, conducts simulation experiments and analysis on the queue occupancy rate of the LDDoS attack flow to extract the basic attack characteristics of the LDDoS attacks. The experimental results show that the LDDoS attacks will have a major destructive effect on the throughput performance and delay performance of the MPTCP transmission system, resulting in a decrease in the robustness of the transmission system. By analyzing and comparing the occupancy rate of the LDDoS attack flow in the MPTCP transmission system, it can be concluded that (1) the occupancy rate of the LDDoS scattered pulse traffic sent by each puppet machine changes slightly, and (2) the occupancy rate of LDDoS attack data flow is much greater than that of ordinary TCP data flow.

computer science, information systems,telecommunications,engineering, electrical & electronic

Hongliang Yu,Guangyu Shi,Jian Chen,Xiongfei Weng,Weimin Zheng

DOI: https://doi.org/10.1007/978-3-642-10549-4_6

2009-01-01

Abstract:Peer-to-Peer(P2P) applications such as Bit Torrent and Coolstreaming ignore inter-AS traffic costs at ISPs and generate a large amount of cross ISP traffic As a result, ISPs always restrict the BT application to control the inter-AS traffic cost In this paper, we designe a new locality-awareness selection approach multi-metric neighbor selection algorithm, to enhance local traffic Based on pwhois query, the algorithm selects the neighbors within the same AS and district as source peers. and uses roulette method based on link bandwidth and latency to choose the final partner peers Redundancy traffic calculation were implemented to prove the effectiveness of our approach We evaluate two widely deployed P2P system. Bit Torrent and Cool Streaming. under the real damsel from PlannetLab in our evaluations The results demonstrate our algorithm effects both improving the download time and reducing the inter-AS traffic Further more, the network congestion can be eased under our algorithm

Yinan Jing,Jingtao Li,Xueping Wang,Xiaochun Xiao,Gendu Zhang

DOI: https://doi.org/10.1109/aina.2006.22

2006-01-01

Abstract:Distributed denial-of-service attacks have become the major threat to Internet today. IP traceback is one of the most effective techniques to defeat these attacks by identifying attack sources even in the presence of IP spoofing. Because of low marking packet utilization, the convergence time of traditional probabilistic packet marking (PPM) schemes is still too long. In order to shorten the convergence time, a distributedlog- based IP traceback scheme is proposed. Theoretical analysis and simulation results show that this scheme not only can converge more quickly than previous PPM schemes, but also has much less log overhead than other log-based schemes.

Zhihong Tian,Mingzeng Hu,Bin Li,Bo Liu,Hongli Zhang

2006-01-01

Abstract:Distributed denial of service DDoS is a major threat to the availability of Internet services. As one of the most difficult problems in network security, it has received considerable attention from the mass media and the research community. In this paper, we design an effective and practical countermeasure which allows a general-purpose TCP-based public server to sustain high availability even during severe DDoS attacks. A novel microeconomic framework based on Generalized Vickrey auction GVA is proposed. By adopting this mechanism, not only the availability of services is improved, but also the total utility of legitimate clients can be maximized. Initial simulations have shown that this mechanism is highly effective in preferentially dropping attacker traffic over legitimate client traffic, and the protected server can remain operational under various system loads and severely attacked conditions. The results indicate that it is a promising approach to countering DDoS attacks.

Mo Zhou,Yafei Dai,Xiaoming Li

DOI: https://doi.org/10.1155/2007/27958

2007-01-01

Abstract:The architecture of P2P file-sharing applications has been developing to meet the needs of large scale demands. The structured overlay network, also known as DHT, has been used in these applications to improve the scalability, and robustness of the system, and to make it free from single-point failure. We believe that the measurement study of the overlay network used in the real filesharing P2P systems can provide guidance for the designing of such systems, and improve the performance of the system. In this paper, we perform the measurement in two different aspects. First, a modified client is designed to provide view to the overlay network from a single-user vision. Second, the instances of crawler programs deployed in many nodes managed to crawl the user information of the overlay network as much as possible. We also find a vulnerability in the overlay network, combined with the character of the DNS service, a more serious DDoS attack can be launched.